Primitive Bear

Threat Actor updated 6 months ago (2024-11-29T14:19:21.029Z)

Download STIX

Preview STIX

Primitive Bear, also known as Gamaredon, UAC-0010, and Shuckworm, is a threat actor associated with Russia that has been actively targeting Ukraine for over a decade. This group has primarily focused on organizations within government, defense, and critical infrastructure sectors. Since our update in early February, Ukraine's cyber domain has experienced escalating threats from Russia. While there is no confirmed link to Primitive Bear, we anticipate an increase in malicious cyber activities in the coming weeks as the conflict between the countries evolves. In a keynote presentation at CPX 2024, Maya Horowitz, Vice President of Research at Check Point, highlighted that USBs were the primary infection vector for three major threat groups in 2023, including Russia's Primitive Bear. Despite the attention drawn by Russian deployment of wiper malware in late January, a report by Ukraine's State Cyber Protection Centre indicates that Primitive Bear's recent activity has maintained a more traditional focus on espionage and information theft rather than system destruction. The group's actions are generally associated with Russia's Federal Security Service (FSB). The ongoing attribution of these events underlines the complexity and evolving nature of the cybersecurity landscape. As the situation continues to develop, it's crucial to stay updated on the activities of threat actors like Primitive Bear to effectively manage and mitigate the risks they pose.

Description last updated: 2024-05-05T04:56:05.011Z

What's your take? (Question 1 of 3)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Gamaredon is a possible alias for Primitive Bear. Gamaredon, a Russia-aligned threat actor, has emerged as one of the most active Advanced Persistent Threat (APT) groups in Ukraine, particularly since Russia's 2022 invasion of the country. Composed of regular officers from the Russian Federal Security Service (FSB) and some former law enforcement o	5
Shuckworm is a possible alias for Primitive Bear. Shuckworm, also known as Gamaredon, Primitive Bear, ACTINIUM, and Armageddon, is a threat actor associated with the Russian government. Operational since 2013, it has been primarily targeting Ukrainian entities across multiple sectors, including government, defense, and critical infrastructure. In J	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ukraine

Apt

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Primitive Bear Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	a month ago	Gamaredon targeted the military mission of a Western country based in Ukraine
Securityaffairs	2 months ago	Russia-linked Gamaredon targets Ukraine with Remcos RAT
DARKReading	a year ago	'The Weirdest Trend in Cybersecurity': Nation-States Returning to USBs
CERT-EU	2 years ago	Gamaredon's LittleDrifter USB malware spreads beyond Ukraine
MITRE	2 years ago	Russia’s Gamaredon aka Primitive Bear APT Group Actively Targeting Ukraine
Unit42	2 years ago	Russia’s Trident Ursa (aka Gamaredon APT) Cyber Conflict Operations Unwavering Since Invasion of Ukraine
CERT-EU	2 years ago	Ukraine at D+343: Preparing for an attack on the war's anniversary.
CERT-EU	2 years ago	Warnung vor russischem Bedrohungsakteur Gamaredon : Wie man sich vor der Cyber-Bedrohung schützen kann – Global Security Mag Online